July 18, 2016Get ready as Mimecast travels the world in a “Road Show” with J.Peter Bruzzese, a Microsoft MVP. Listen to each episode as he works with us to help share his experiences. He’ll be starting July 11th in Toronto, Canada and ending on December 9th in Orlando, Florida. Get ready to hear from J.Peter each episode on where he’s at, what he’s doing and what he’s excited about.
July 13, 2016
“5 days for a banking system to be down? That’s a lot of money down the drain… We can’t afford this hack right now… And frankly I think we can find 5.9million in between our couch cushions. It’s nothing.”
- Susan Jacobs, general counsel, E Corp
Season 2 Spoiler Alert – If you watch Mr. Robot – Be aware. the season starts July 13th on USA Networks.
The popular dark cyber-thriller and hit US TV-show, Mr. Robot, is back and the show’s global success offers a perfect opportunity to educate businesses and employees around the dangers of email security. If you don’t want to know how the first episode plays out, look away now.
The new episode features the hacking group, Fsociety, conducting a Cryptowall ransomware attack on E Corp, crippling all of its networked computers, and demanding a hefty ransom. The firm’s general counsel recommends they pay the ransom as it will cost more in lost earnings to do otherwise.
This price point dilemma is at the heart of ransomware’s success. For smaller businesses, the ransom is often pitched at $400-$1,000, paid of course, in bitcoins.
The temptation to pay up and move on is all too easy. Ransomware is therefore flourishing around the world and as of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released last month by PhishMe.
Yet the FBI doesn’t support paying a ransom in response to a ransomware attack. They say that you should never try to negotiate with the attackers because it further encourages cybercrime and that there is no guarantee they’ll even release your data. Instead, pull the plug (yes, pull the power) on the affected patient zero computer, so you can preserve its hard drive for forensic analysis later.
This same style of malware disrupted a series of US hospitals in March and Lincolnshire County Council in February. More recently there were reports that Office 365 was being targeted by a massive Cerber ransomware attack.
Mimecast Threat Labs have seen significant ransomware attacks spread by weaponized attachments. These are often Microsoft Office files booby-trapped with malicious macros, delivered by email, that download and execute ransomware when opened. Our own research recently found 44% of firms had seen an increase in attacks with added social engineering asking users to enable macros. 67% were not confident their employees would spot this combined attack.
So how do you defend your organization against ransomware?
The FBI suggests two key approaches:
- Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls
- The creation of a solid business continuity and backup plans in the event of a ransomware attack
Prevention is key but traditional anti-virus software is increasingly little protection against new variants of malware sent by email. Organizations need to combine rigorous employee training with technology that analyses malicious links and attachments in real-time.
Ransomware has become a well-funded, well-organized cyber threat in today’s market. The perpetrators have simply become too good at it and quietly paying attackers off in the event that your network is hit, only emboldens them further. A variant of Cryptowall earnt its creators around $300 million in a very short space of time; so these criminals are well-funded and very capable. Who has a similarly sized IT budget? Not many of us, if any.
Effective cyber resiliency, therefore, requires new methods of prevention and third-party archives to get you back on your feet if something still gets through.
Interested in reading more? Click here.
July 12, 2016
At Mimecast, delivering the best customer experience is at the heart of everything we do. Whether before becoming a customer or when using our services, our mission is to meet and exceed customers’ needs and make the experience easy and enjoyable.
The Mimecast Administration Console allows customers to manage all aspects of their Mimecast service from a single web-based console, including security, Targeted Threat Protection, Archiving and Mailbox Continuity. It underpins the simple, fast and effective email risk management we deliver to our customers. That’s why I’m thrilled to announce the general availability of the first of a series of improvements we are making to our Administration Console.
For now, let’s talk about phase one of this upgrade. This first phase delivers a complete revamp of the top-level navigation and improvements to the service dashboard. These enhancements make managing Mimecast services even easier and more intuitive.
1. Menu Structure:
The top-level menu is more simple and intuitive for easier navigation.
Bookmark your 10 favorite items for quick access from the main screen.
3. Mimecaster Central Search:
Search our customer community and knowledge base from directly within the console.
4. New Contemporary Dashboard:
A redesigned dashboard features a cleaner layout making it easier to see what’s important.
5. Notification Feed:
A scrollable list of service status notifications and product news.
Easily go back to what you were doing with clickable recent history links.
Yesterday, Office 365 suffered hours of service degradation, causing major email and business disruption. The media reported that Exchange Online Protection's filtering infrastructure could have been at fault.
Now imagine this: It’s early afternoon on a work day, and your company’s email server goes down. Every last mailbox is affected, unable to send or receive messages. This could cripple employee productivity and ultimately cost you customer relationships, partnerships, and financial loss. But, you have Microsoft Office 365, so this won’t happen to you, right? This is where you’re wrong. This line of thinking could have major implications not only productivity but on the security of your organization’s data. After all, this very scenario just happened.
Microsoft explained the issue in an update, saying, “We identified that a recent update to the environment caused an EOP process that analyzes email to perform below acceptable thresholds, causing email messages to queue from both inbound and outbound sources.”
Thanks for the explanation, guys. But this doesn’t mean that you’re off the hook. Ironically, yesterday was the last day in Microsoft’s financial year, and for most businesses, the last day of the quarter. If you suffered downtime during such a critical time in your fiscal year, how would this affect your business?
This isn’t the first time Office 365 has experienced an issue and it certainly won’t be the last. If you are an Office 365 customer and still don’t have a Plan B for continuity in the cloud, are you exposing your business to failure?
Office 365 delivers efficiencies around time and cost, in fact, we’re on it here at Mimecast. But, this is your business and you need to start to plan for the worst. IT teams build disaster recovery plans for on-premises systems. But you need the same level of planning in a cloud-first world. You could be missing out on valuable and attainable services built to keep email running in the cloud, and your business could suffer during the next outage.
Find out more about how we can help keep your business running during an Office 365 outage here.